In 2016 Ryan Butler created a PowerShell script to update a NetScaler configuration to score an A+ at the SSL Labs SSL test. I updated this script to score an A+ in 2023.
This blog post would not be possible without the groundwork from Ryan Butler and Carl Stalhood. Ryan created the initial script and Carl provided me with a current SSL cipher list for Q2 2023.
Updates and tests
Last year, I had a few new Citrix NetScaler Gateway VPX setups, and needed a fast way to get the SSL settings right. Most of the time I used the script by Ryan, but in the meantime it was outdated. I grabbed the script and the provided SSL cipher list by Carl and got a working copy that immediately scored an A+ at SSL Labs. Sadly, I did not take my time to create a pull request over at Ryan’s GitHub to give back. Today I took my time, to tidy up the code, thanks to the Visual Studio Code PowerShell formatter and write up the changelog. Continue reading “Scoring an A+ at SSLLabs.com with Citrix NetScaler – Q2 2023 update”
Since 19 December 2020 7pm CET we see a possible worldwide DDOS amplify attack against Citrix Gateway UDP:443 DTLS EDT services.
11.01.2021: Added information about the new Citrix ADC Gateway (formerly NetScaler) firmware releases, which solve the memory leak issue with -helloVerifiyRequest
24.12.2020: Added information about the official Citrix Knowledge Center article CTX289674
Added a final summary, that repeats all possible solutions
Maked it a lot clearer, that -helloVerifiyRequest doesn’t seem to work well
22.12.2020: Added a warning note, that -helloVerifiyRequest doesn’t work on all Citrix ADC (NetScaler) firmware versions
21.12.2020: Added a third possible solution regarding -helloVerifiyRequest
21.12.2020: Initial version
During the night from Saturday (19.12.2020) to Sunday (20.12.2020) our Zabbix Monitoring informed us, that several Citrix Gateway VPX (50) appliances were at its license cap. We investigated the situation and soon found out, that we had 0 ICA sessions on most of them, hence no explanation for the traffic.
When creating automated (Citrix) Master Images for MCS or PVS, you often encounter software for which no MSI and EXE silent switches are provided – and the vendor refuses to cooperate.
In this session, Marco Hofmann will show you how to write simple unattended AutoIt installation scripts that can automate installations for tools such as the Microsoft Deployment Toolkit.
Today is the #virtualexpo hosted by Trond E Haavarstein. I registered a slot as a speaker, to talk about my struggle to include apps in my Citrix MCS Golden Master Images, which I built with the Automation Framework Microsoft Deployment Toolkit (MDT), when the vendor doesn’t include silent setup switches in their setup files.
For this purpose I’m giving an example, about how to solve this issue with AutoIt.
I you want to hear my speech and all the other great speakers, take a look at the agenda and register!